1. Field of the Invention
The present invention relates generally to communication networks and more particularly to an enhanced system for protecting communication networks from communication with malicious remote entities.
2. Description of the Related Art
Networked applications commonly use certificates to verify the integrity of remote entities and the integrity and confidentiality of communications to/from the remote location. However, vulnerability exists in that the local trust databases (containing roots of trust chain) may be subverted or modified by unwitting or malicious users or software. This may result in the insertion of trust roots which are not trustworthy with respect to enterprise policy. This results in the local user or software placing trust in non-trustworthy communications, documents or remote locations.
U.S. Publicn. No. 2005/0262558, entitled “ON-LINE CENTRALIZED AND LOCAL AUTHORIZATION OF EXECUTABLE FILES,” discloses a system and method for controlling the execution of executable files. The executables are identified by either a cryptographic digest or a digital certificate. The cryptographic digest is computed from the binary image of the executable. An executable that is attempting to execute is intercepted by a protection module that consults a database of stored rules over a secure channel to determine whether or not the executable can be identified as a permitted executable and whether or not it has permission to execute on a particular computer system under certain specified conditions. If a stored permission is available, it is used to control the execution. Otherwise, the user is consulted for permission.
U.S. Publicn. No. 2010/0077445, entitled “GRADUATED ENFORCEMENT OF RESTRICTIONS ACCORDING TO AN APPLICATION'S REPUTATION,” discloses security software on a client that observes a request for a resource from an application on the client and then determines the application's reputation. The application's reputation may be measured by a reputation score obtained from a remote reputation server. The security software determines an access policy from a graduated set of possible access policies for the application based on the application's reputation. The security software applies the access policy to the application's request for the resource. In this way, the reputation-based system uses a graduated trust scale and a policy enforcement mechanism that restricts or grants application functionality for resource interactivity along a graduated scale.